Many web users are accustomed to filling out login forms to access web accounts on Internet sites. These login forms usually ask for the username and password of an account but sometimes also for additional information such as a captcha code.
The information entered is then compared to what the site in question has stored in its database -- hopefully in encrypted form -- and access is granted if username and password match with those records.
One of the main issues of how accounts are protected is that knowledge of a user's username and password is sufficient to sign in to the account.
That's why PayPal some time ago introduced support for the optional VeriSign Identity Protection Device. The device generates a six digit code that is valid for 30 seconds which users of the service need to enter during PayPal login to access the account. Attackers who only got hold of the username and password cannot sign in without it.
Microsoft has introduced a similar system to Windows Live. Windows Live users can generate so called single-use codes before they log into Windows Live which can be used instead of the password. A single-use code is only valid once making it an ideal password replacement when logging in on public computer systems or insecure networks.
A single-use code is a code you can use instead of your password when you sign in with your Windows Live ID. Each code can be used only one time, but you can request one whenever you need one. If you're signing in on a public computer—like at the library or school—using a single-use code helps keep your account information secure
The password replacement becomes invalid the second it has been used to log into the Windows Live service. The single-use code is send to a mobile phone number registered in the Windows Live account. Here is how it works.
It begins with the editing of the Windows Live profile to add a mobile phone number to it. Users who already have a mobile phone number configured do not need to do anything.
Each Windows Live login form displays a link to use a single-use code instead at the bottom.
Not your computer? Get a single-use code to sign in with
A click on that link opens the Windows Live Single-Use Code login form. Only the Windows Live ID needs to be entered here. A click on Request a code displays a country selector and a form to enter the mobile phone number.
The single-use code can only be requested in supported countries. Codes can be send out to United Kingdom, United States, Germany, Canada and about ten additional countries.
It is advised to try sending out a single-use code once to make sure the code gets send properly to the entered mobile phone number.
The Windows Live Single-Use Code can improve the security of Windows Live users, which includes Hotmail, SkyDrive or Windows Messenger tremendously. There is obviously a new risk associated with this as well. All an attacker needs to log into the Windows Live account is the mobile phone of a user who has configured the phone number in the account. Live users need to keep that in mind if they configure the phone number in Windows Live.Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.